MoinMoin Logo
  • Comments
  • Immutable Page
  • Menu
    • Navigation
    • RecentChanges
    • FindPage
    • Local Site Map
    • Help
    • HelpContents
    • HelpOnMoinWikiSyntax
    • Display
    • Attachments
    • Info
    • Raw Text
    • Print View
    • Edit
    • Load
    • Save
  • Login

Navigation

  • Start
  • Sitemap
Revision 2 as of 2014-04-09 11:51:44
  • heartbleed

heartbleed

The Heartbleed Bug is a serious vulnerability in the popular OpenSSL cryptographic software library. This weakness allows stealing the information protected, under normal conditions, by the SSL/TLS encryption used to secure the Internet.

http://helpdesk.wisc.edu/page.php?id=39080

How to check for vulnerable versions of OpenSSL

Versions 1.0.1 to 1.0.1f are potentially vulnerable. Version 1.0.1g if the fixed version. Other versions of OpenSSL (1.0.0 branch, 0.9.8 branch) are not vulnerable.

A basic version check: openssl version -a

A more specific check: openssl version -a| grep -oE '1.0.1[a-g]{1}?|DOPENSSL_NO_HEARTBEATS'

This should return the version, assuming version 1.0.1x. If the OPENSSL_NO_HEARTBEATS flag shows up then it’s not vulnerable regardless of version.

  • MoinMoin Powered
  • Python Powered
  • GPL licensed
  • Valid HTML 4.01